From 669ab7284db120a42a09a8b467bc20d4c8f8e7b8 Mon Sep 17 00:00:00 2001 From: Sujeet Agrahari Date: Sat, 24 Feb 2024 09:29:14 +0530 Subject: [PATCH] Create namespaced resources --- deploy/values.yaml | 9 ++-- ...ing.yaml => cluster-role-and-binding.yaml} | 8 ++-- .../k8s-dashboard.role-binding.yaml | 12 ----- ...vice-account.yaml => service-account.yaml} | 1 + step-wise-guideline.md | 45 +++++++++++-------- 5 files changed, 36 insertions(+), 39 deletions(-) rename kubernetes/k8s-dashboard/{k8s-cluster-level.role-binding.yaml => cluster-role-and-binding.yaml} (70%) delete mode 100644 kubernetes/k8s-dashboard/k8s-dashboard.role-binding.yaml rename kubernetes/k8s-dashboard/{k8s-dashboard.service-account.yaml => service-account.yaml} (71%) diff --git a/deploy/values.yaml b/deploy/values.yaml index 95c625a..d286422 100644 --- a/deploy/values.yaml +++ b/deploy/values.yaml @@ -5,15 +5,16 @@ deployment: replicaCount: 2 image: repository: quick-links - tag: argocd + tag: dev pullPolicy: Never env: - DB_HOST: 'postgres-postgresql-ha-pgpool' + NODE_ENV: 'development' + DB_HOST: 'postgres-postgresql-ha-pgpool.postgres.svc.cluster.local' DB_USER: 'postgres' DB_PASSWORD: 'password' DB_NAME: 'quicklink' - REDIS_HOST: 'redis-master' - REDIS_PASSWORD: 'pyL9vFnIpw' + REDIS_HOST: 'redis-master.redis.svc.cluster.local' + REDIS_PASSWORD: 'password' service: name: quick-links-service diff --git a/kubernetes/k8s-dashboard/k8s-cluster-level.role-binding.yaml b/kubernetes/k8s-dashboard/cluster-role-and-binding.yaml similarity index 70% rename from kubernetes/k8s-dashboard/k8s-cluster-level.role-binding.yaml rename to kubernetes/k8s-dashboard/cluster-role-and-binding.yaml index 72c985f..e96ef16 100644 --- a/kubernetes/k8s-dashboard/k8s-cluster-level.role-binding.yaml +++ b/kubernetes/k8s-dashboard/cluster-role-and-binding.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: dashboard-cluster-role + name: k8s-dashboard-cluster-role rules: - apiGroups: ['*'] resources: ['*'] @@ -10,12 +10,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: dashboard-cluster-role-binding + name: k8s-dashboard-cluster-role-binding subjects: - kind: ServiceAccount name: dashboard-sa - namespace: default + namespace: k8s-dashboard roleRef: kind: ClusterRole - name: dashboard-cluster-role + name: k8s-dashboard-cluster-role apiGroup: rbac.authorization.k8s.io diff --git a/kubernetes/k8s-dashboard/k8s-dashboard.role-binding.yaml b/kubernetes/k8s-dashboard/k8s-dashboard.role-binding.yaml deleted file mode 100644 index 037cab6..0000000 --- a/kubernetes/k8s-dashboard/k8s-dashboard.role-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dashboard-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: dashboard-sa - namespace: default diff --git a/kubernetes/k8s-dashboard/k8s-dashboard.service-account.yaml b/kubernetes/k8s-dashboard/service-account.yaml similarity index 71% rename from kubernetes/k8s-dashboard/k8s-dashboard.service-account.yaml rename to kubernetes/k8s-dashboard/service-account.yaml index 51193a5..e73d99e 100644 --- a/kubernetes/k8s-dashboard/k8s-dashboard.service-account.yaml +++ b/kubernetes/k8s-dashboard/service-account.yaml @@ -2,3 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: dashboard-sa + namespace: k8s-dashboard diff --git a/step-wise-guideline.md b/step-wise-guideline.md index a8965d8..66c0c3f 100644 --- a/step-wise-guideline.md +++ b/step-wise-guideline.md @@ -32,7 +32,8 @@ helm install postgres bitnami/postgresql-ha \ --set global.postgresql.repmgrDatabase="repmgr" \ --set global.pgpool.adminUsername="admin" \ --set global.pgpool.adminPassword="password" \ ---set postgresqlImage.debug=true +--set postgresqlImage.debug=true \ +--create-namespace --namespace postgres ``` Once installed, @@ -40,35 +41,35 @@ Once installed, PostgreSQL can be accessed through Pgpool via port 5432 on the following DNS name from within your cluster: ```sh -postgres-postgresql-ha-pgpool.default.svc.cluster.local + postgres-postgresql-ha-pgpool.postgres.svc.cluster.local ``` To get the password for the `postgres` user run: ```sh -kubectl get secret --namespace default postgres-postgresql-ha-postgresql -o jsonpath="{.data.password}" | base64 -d | pbcopy +kubectl get secret --namespace postgres postgres-postgresql-ha-postgresql -o jsonpath="{.data.password}" | base64 -d | pbcopy ``` To connect to your database and test from outside the cluster execute the following commands: ```sh -kubectl port-forward --namespace default svc/postgres-postgresql-ha-pgpool 5433:5432 +kubectl port-forward --namespace postgres svc/postgres-postgresql-ha-pgpool 5433:5432 # If you want to make accessible through th process, you can run in background process: -kubectl port-forward --namespace default svc/postgres-postgresql-ha-pgpool 5433:5432 & +kubectl port-forward --namespace postgres svc/postgres-postgresql-ha-pgpool 5433:5432 & ``` ## Setup Redis cluster ```sh # Install redis - single mast and multiple slaves -helm install redis bitnami/redis +helm install redis bitnami/redis --set global.redis.password="password" --create-namespace --namespace redis -# Redis® can be accessed on the following DNS names from within your cluster: +# Redis can be accessed on the following DNS names from within your cluster: # redis-master.default.svc.cluster.local for read/write operations (port 6379) # redis-replicas.default.svc.cluster.local for read-only operations (port 6379) @@ -78,7 +79,7 @@ kubectl get secret --namespace default redis -o jsonpath="{.data.redis-password} # To connect to your database from outside the cluster execute the following commands: -kubectl port-forward --namespace default svc/redis-master 6379:6379 & +kubectl port-forward --namespace redis svc/redis-master 6379:6379 & ``` ## Setup Kubernetes dashboard @@ -86,19 +87,25 @@ kubectl port-forward --namespace default svc/redis-master 6379:6379 & ```sh helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ -helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard +helm install k8s-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace k8s-dashboard # To access the dashboard run the following command: - kubectl apply -f kubernetes/k8s-dashboard/k8s-dashboard.service-account.yaml -kubectl apply -f kubernetes/k8s-dashboard/k8s-dashboard.role-binding.yaml +kubectl apply -f kubernetes/k8s-dashboard/service-account.yaml +kubectl apply -f kubernetes/k8s-dashboard/cluster-role-and-binding.yaml # Get the token -kubectl create token dashboard-sa | pbcopy +kubectl create token dashboard-sa -n k8s-dashboard | pbcopy +kubectl -n k8s-dashboard port-forward k8s-dashboard-pod-name 8443:8443 + + +# OR kubectl proxy # http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:https/proxy/#/login + + ``` ## Setup Kong @@ -116,10 +123,10 @@ kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -# to serve on http you need add toplevel -# Go to kubernetes dashboard and update the argocd-cm config map +# to serve on http you need add toplevel at indent metadata +# Go to kubernetes dashboard and update the argocd-cmd-params-cm config map # data: -# server.insecure: true +# server.insecure: "true" # server.rootpath: /argocd -> it is needed to run behind proxy kubectl get secrets -n argocd argocd-initial-admin-secret -o yaml @@ -134,8 +141,8 @@ echo NkZoc3E0RW45OTZDRDlJdg== | base64 --decode ``` kubectl apply -f kubernetes/kong/argocd-ingress.yaml -kubectl apply -f kubernetes/kong/kong-admin.yaml -kubectl apply -f kubernetes/kong/kong-manager.yaml +kubectl apply -f kubernetes/kong/kong-admin-ingress.yaml +kubectl apply -f kubernetes/kong/kong-manager-ingress.yaml kubectl apply -f kubernetes/kong/quick-links-ingress.yaml ``` @@ -143,7 +150,7 @@ kubectl apply -f kubernetes/kong/quick-links-ingress.yaml ```sh # Make sure you build the app first -docker build . --target dev -t quick-links:argocd +docker build . --target dev -t quick-links:dev -kubectl apply -f deploy/argocd/application.yaml +kubectl apply -f deploy/application.yaml ```